1 /*
2 * Copyright (c) 2013-2022 Joris Vink <joris@coders.se>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 #ifndef __H_KORE_H
18 #define __H_KORE_H
19
20 #if defined(__APPLE__)
21 #define daemon portability_is_king
22 #endif
23
24 #include <sys/param.h>
25 #include <sys/types.h>
26 #include <sys/time.h>
27 #include <sys/queue.h>
28 #include <sys/un.h>
29
30 #include <netinet/in.h>
31 #include <arpa/inet.h>
32
33 #include <errno.h>
34 #include <regex.h>
35 #include <stdarg.h>
36 #include <stdlib.h>
37 #include <stdio.h>
38 #include <signal.h>
39 #include <string.h>
40 #include <syslog.h>
41 #include <unistd.h>
42 #include <stdarg.h>
43
44 #if defined(__cplusplus)
45 extern "C" {
46 #endif
47
48 #if defined(__APPLE__)
49 #undef daemon
50 extern int daemon(int, int);
51 #define st_mtim st_mtimespec
52 #endif
53
54 #if !defined(KORE_NO_SENDFILE)
55 #if defined(__MACH__) || defined(__FreeBSD_version) || defined(__linux__)
56 #define KORE_USE_PLATFORM_SENDFILE 1
57 #endif
58 #endif
59
60 #if defined(__OpenBSD__)
61 #define KORE_USE_PLATFORM_PLEDGE 1
62 #endif
63
64 #if defined(TLS_BACKEND_OPENSSL)
65 #include <openssl/x509.h>
66 #include <openssl/ssl.h>
67 typedef X509 KORE_X509;
68 typedef SSL KORE_TLS;
69 typedef SSL_CTX KORE_TLS_CTX;
70 typedef X509_NAME KORE_X509_NAMES;
71 typedef EVP_PKEY KORE_PRIVATE_KEY;
72 #else
73 typedef void KORE_X509;
74 typedef void KORE_TLS;
75 typedef void KORE_TLS_CTX;
76 typedef void KORE_X509_NAMES;
77 typedef void KORE_PRIVATE_KEY;
78 #endif
79
80 #define KORE_RSAKEY_BITS 4096
81
82 #define KORE_RESULT_ERROR 0
83 #define KORE_RESULT_OK 1
84 #define KORE_RESULT_RETRY 2
85
86 #define KORE_TLS_VERSION_1_3 0
87 #define KORE_TLS_VERSION_1_2 1
88 #define KORE_TLS_VERSION_BOTH 2
89
90 #define KORE_BASE64_RAW 0x0001
91
92 #define KORE_WAIT_INFINITE (u_int64_t)-1
93 #define KORE_RESEED_TIME (1800 * 1000)
94
95 #define errno_s strerror(errno)
96 #define ssl_errno_s ERR_error_string(ERR_get_error(), NULL)
97 #define KORE_DOMAINNAME_LEN 255
98 #define KORE_PIDFILE_DEFAULT "kore.pid"
99 #define KORE_DHPARAM_PATH PREFIX "/share/kore/ffdhe4096.pem"
100 #define KORE_DEFAULT_CIPHER_LIST "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:AEAD-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256"
101
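/*
 * Debug logging.  Compiled in only with KORE_DEBUG, and then still gated at
 * runtime on the `kore_debug` flag (extern int, declared further down).
 * The body is wrapped in do { } while (0) so that the macro behaves as a
 * single statement: without it, `if (x) kore_debug(...); else ...` would
 * bind the caller's else to the `if (kore_debug)` inside the macro.
 * Without KORE_DEBUG the macro expands to nothing, so the arguments are
 * never evaluated.
 */
#if defined(KORE_DEBUG)
#define kore_debug(...)							\
	do {								\
		if (kore_debug)						\
			kore_debug_internal(__FILE__, __LINE__,		\
			    __VA_ARGS__);				\
	} while (0)
#else
#define kore_debug(...)
#endif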
109
110 #define NETBUF_RECV 0
111 #define NETBUF_SEND 1
112 #define NETBUF_SEND_PAYLOAD_MAX 8192
113 #define SENDFILE_PAYLOAD_MAX (1024 * 1024 * 10)
114
115 #define NETBUF_LAST_CHAIN 0
116 #define NETBUF_BEFORE_CHAIN 1
117
118 #define NETBUF_CALL_CB_ALWAYS 0x01
119 #define NETBUF_FORCE_REMOVE 0x02
120 #define NETBUF_MUST_RESEND 0x04
121 #define NETBUF_IS_STREAM 0x10
122 #define NETBUF_IS_FILEREF 0x20
123
124 #define KORE_X509_COMMON_NAME_ONLY 0x0001
125
126 #define KORE_PEM_CERT_CHAIN 1
127 #define KORE_DER_CERT_DATA 2
128
129 /* XXX hackish. */
130 #if !defined(KORE_NO_HTTP)
131 struct http_request;
132 struct http_redirect;
133 #endif
134
135 #define KORE_FILEREF_SOFT_REMOVED 0x1000
136
137 struct kore_fileref {
138 int cnt;
139 int flags;
140 int ontls;
141 off_t size;
142 char *path;
143 u_int64_t mtime;
144 time_t mtime_sec;
145 u_int64_t expiration;
146 void *base;
147 int fd;
148 TAILQ_ENTRY(kore_fileref) list;
149 };
150
151 struct netbuf {
152 u_int8_t *buf;
153 size_t s_off;
154 size_t b_len;
155 size_t m_len;
156 u_int8_t type;
157 u_int8_t flags;
158
159 struct kore_fileref *file_ref;
160 off_t fd_off;
161 off_t fd_len;
162
163 struct connection *owner;
164 void *extra;
165 int (*cb)(struct netbuf *);
166
167 TAILQ_ENTRY(netbuf) list;
168 };
169
170 TAILQ_HEAD(netbuf_head, netbuf);
171
172 #define KORE_TYPE_LISTENER 1
173 #define KORE_TYPE_CONNECTION 2
174 #define KORE_TYPE_PGSQL_CONN 3
175 #define KORE_TYPE_TASK 4
176 #define KORE_TYPE_PYSOCKET 5
177 #define KORE_TYPE_CURL_HANDLE 6
178
179 #define CONN_STATE_UNKNOWN 0
180 #define CONN_STATE_TLS_SHAKE 1
181 #define CONN_STATE_ESTABLISHED 2
182 #define CONN_STATE_DISCONNECTING 3
183
184 #define CONN_PROTO_UNKNOWN 0
185 #define CONN_PROTO_HTTP 1
186 #define CONN_PROTO_WEBSOCKET 2
187 #define CONN_PROTO_MSG 3
188 #define CONN_PROTO_ACME_ALPN 200
189
190 #define KORE_EVENT_READ 0x01
191 #define KORE_EVENT_WRITE 0x02
192 #define KORE_EVENT_ERROR 0x04
193
194 #define CONN_IDLE_TIMER_ACT 0x0001
195 #define CONN_CLOSE_EMPTY 0x0002
196 #define CONN_WS_CLOSE_SENT 0x0004
197 #define CONN_IS_BUSY 0x0008
198 #define CONN_LOG_TLS_FAILURE 0x0020
199 #define CONN_TLS_ALPN_ACME_SEEN 0x0040
200 #define CONN_TLS_SNI_SEEN 0x0080
201
202 #define KORE_IDLE_TIMER_MAX 5000
203
204 #define WEBSOCKET_OP_CONT 0x00
205 #define WEBSOCKET_OP_TEXT 0x01
206 #define WEBSOCKET_OP_BINARY 0x02
207 #define WEBSOCKET_OP_CLOSE 0x08
208 #define WEBSOCKET_OP_PING 0x09
209 #define WEBSOCKET_OP_PONG 0x0a
210
211 #define WEBSOCKET_BROADCAST_LOCAL 1
212 #define WEBSOCKET_BROADCAST_GLOBAL 2
213
214 #define KORE_TIMER_ONESHOT 0x01
215 #define KORE_TIMER_FLAGS (KORE_TIMER_ONESHOT)
216
217 #define KORE_CONNECTION_PRUNE_DISCONNECT 0
218 #define KORE_CONNECTION_PRUNE_ALL 1
219
220 struct kore_event {
221 int type;
222 int flags;
223 void (*handle)(void *, int);
224 } __attribute__((packed));
225
226 struct connection {
227 struct kore_event evt;
228 int fd;
229 u_int8_t state;
230 u_int8_t proto;
231 struct listener *owner;
232 KORE_TLS *tls;
233 KORE_X509 *tls_cert;
234 char *tls_sni;
235 int tls_reneg;
236
237 u_int16_t flags;
238 void *hdlr_extra;
239
240 int (*handle)(struct connection *);
241 void (*disconnect)(struct connection *);
242 int (*read)(struct connection *, size_t *);
243 int (*write)(struct connection *, size_t, size_t *);
244
245 int family;
246 union {
247 struct sockaddr_in ipv4;
248 struct sockaddr_in6 ipv6;
249 struct sockaddr_un sun;
250 } addr;
251
252 struct {
253 u_int64_t length;
254 u_int64_t start;
255 } idle_timer;
256
257 struct netbuf_head send_queue;
258 struct netbuf *snb;
259 struct netbuf *rnb;
260
261 #if !defined(KORE_NO_HTTP)
262 u_int64_t http_start;
263 u_int64_t http_timeout;
264 struct kore_runtime_call *ws_connect;
265 struct kore_runtime_call *ws_message;
266 struct kore_runtime_call *ws_disconnect;
267 TAILQ_HEAD(, http_request) http_requests;
268 #endif
269
270 TAILQ_ENTRY(connection) list;
271 };
272
273 TAILQ_HEAD(connection_list, connection);
274 extern struct connection_list connections;
275 extern struct connection_list disconnected;
276
277 #define KORE_RUNTIME_NATIVE 0
278 #define KORE_RUNTIME_PYTHON 1
279
280 struct kore_runtime {
281 int type;
282 #if !defined(KORE_NO_HTTP)
283 int (*http_request)(void *, struct http_request *);
284 void (*http_request_free)(void *, struct http_request *);
285 void (*http_body_chunk)(void *,
286 struct http_request *, const void *, size_t);
287 int (*validator)(void *, struct http_request *, const void *);
288 void (*wsconnect)(void *, struct connection *);
289 void (*wsdisconnect)(void *, struct connection *);
290 void (*wsmessage)(void *, struct connection *,
291 u_int8_t, const void *, size_t);
292 #endif
293 void (*execute)(void *);
294 int (*onload)(void *, int);
295 void (*signal)(void *, int);
296 void (*connect)(void *, struct connection *);
297 void (*configure)(void *, int, char **);
298 };
299
300 struct kore_runtime_call {
301 void *addr;
302 struct kore_runtime *runtime;
303 };
304
305 #if !defined(KORE_NO_HTTP)
306
307 struct kore_route_params {
308 char *name;
309 int flags;
310 u_int8_t method;
311 struct kore_validator *validator;
312
313 TAILQ_ENTRY(kore_route_params) list;
314 };
315
316 struct kore_route {
317 char *path;
318 char *func;
319 int type;
320 int errors;
321 int methods;
322 regex_t rctx;
323 struct kore_domain *dom;
324 struct kore_auth *auth;
325 struct kore_runtime_call *rcall;
326 struct kore_runtime_call *on_free;
327 struct kore_runtime_call *on_headers;
328 struct kore_runtime_call *on_body_chunk;
329
330 TAILQ_HEAD(, kore_route_params) params;
331 TAILQ_ENTRY(kore_route) list;
332 };
333
334 #endif
335
336 struct kore_domain {
337 u_int16_t id;
338 int logerr;
339 u_int64_t logwarn;
340 int accesslog;
341
342 char *domain;
343 struct kore_buf *logbuf;
344 struct kore_server *server;
345
346 #if defined(KORE_USE_ACME)
347 int acme;
348 int acme_challenge;
349 void *acme_cert;
350 size_t acme_cert_len;
351 #endif
352 char *cafile;
353 char *crlfile;
354 char *certfile;
355 char *certkey;
356 KORE_TLS_CTX *tls_ctx;
357 int x509_verify_depth;
358 #if !defined(KORE_NO_HTTP)
359 TAILQ_HEAD(, kore_route) routes;
360 TAILQ_HEAD(, http_redirect) redirects;
361 #endif
362 TAILQ_ENTRY(kore_domain) list;
363 };
364
365 TAILQ_HEAD(kore_domain_h, kore_domain);
366
367 extern struct kore_runtime kore_native_runtime;
368
369 struct listener {
370 struct kore_event evt;
371 int fd;
372 int family;
373 char *port;
374 char *host;
375 struct kore_server *server;
376 struct kore_runtime_call *connect;
377
378 LIST_ENTRY(listener) list;
379 };
380
381 struct kore_server {
382 int tls;
383 char *name;
384 struct kore_domain_h domains;
385 LIST_HEAD(, listener) listeners;
386 LIST_ENTRY(kore_server) list;
387 };
388
389 LIST_HEAD(kore_server_list, kore_server);
390
391 #if !defined(KORE_NO_HTTP)
392
393 #define KORE_PARAMS_QUERY_STRING 0x0001
394
395 #define KORE_AUTH_TYPE_COOKIE 1
396 #define KORE_AUTH_TYPE_HEADER 2
397 #define KORE_AUTH_TYPE_REQUEST 3
398
399 struct kore_auth {
400 u_int8_t type;
401 char *name;
402 char *value;
403 char *redirect;
404 struct kore_validator *validator;
405
406 TAILQ_ENTRY(kore_auth) list;
407 };
408
409 #define HANDLER_TYPE_STATIC 1
410 #define HANDLER_TYPE_DYNAMIC 2
411
412 #endif /* !KORE_NO_HTTP */
413
414 #define KORE_MODULE_LOAD 1
415 #define KORE_MODULE_UNLOAD 2
416
417 #define KORE_MODULE_NATIVE 0
418 #define KORE_MODULE_PYTHON 1
419
420 struct kore_module;
421
422 struct kore_module_functions {
423 void (*free)(struct kore_module *);
424 void (*reload)(struct kore_module *);
425 int (*callback)(struct kore_module *, int);
426 void (*load)(struct kore_module *);
427 void *(*getsym)(struct kore_module *, const char *);
428 };
429
430 struct kore_module {
431 void *handle;
432 char *path;
433 char *onload;
434 int type;
435 struct kore_runtime_call *ocb;
436
437 struct kore_module_functions *fun;
438 struct kore_runtime *runtime;
439
440 TAILQ_ENTRY(kore_module) list;
441 };
442
443 /*
444 * Each worker gets a 128KB log buffer, and the parent will fetch its
445 * logs once it has reached at least 75% of that, or if it has been > 1 second
446 * since it was last synced.
447 */
448 #define KORE_ACCESSLOG_BUFLEN 131072U
449 #define KORE_ACCESSLOG_SYNC 98304U
450
451 struct kore_alog_header {
452 u_int16_t domain;
453 u_int16_t loglen;
454 } __attribute__((packed));
455
/*
 * Privilege-separation parameters for one process type; there is one
 * instance each for the workers, the keymgr and the acme process
 * (worker_privsep, keymgr_privsep, acme_privsep, declared below).
 * `root` and `runas` look like the directory to chroot into and the user
 * to switch to after startup; the skip_* flags disable the corresponding
 * step (the module-level skip_chroot / skip_runas externs below appear to
 * be the same switches).  Either skip removes part of the sandbox, so it
 * should only ever be set deliberately.
 */
struct kore_privsep {
	char		*root;		/* chroot target, presumably — confirm in worker.c */
	char		*runas;		/* user to drop privileges to, presumably */
	int		skip_runas;	/* non-zero: do not change user */
	int		skip_chroot;	/* non-zero: do not chroot */
};
462
463 struct kore_worker {
464 u_int16_t id;
465 u_int16_t cpu;
466 int ready;
467 int running;
468 #if defined(__linux__)
469 int tracing;
470 #endif
471 pid_t pid;
472 int pipe[2];
473 struct connection *msg[2];
474 u_int8_t has_lock;
475 int restarted;
476 u_int64_t time_locked;
477 struct kore_route *active_route;
478 struct kore_privsep *ps;
479
480 /* Used by the workers to store accesslogs. */
481 struct {
482 int lock;
483 size_t offset;
484 char buf[KORE_ACCESSLOG_BUFLEN];
485 } lb;
486 };
487
488 #if !defined(KORE_NO_HTTP)
489
490 #define KORE_VALIDATOR_TYPE_REGEX 1
491 #define KORE_VALIDATOR_TYPE_FUNCTION 2
492
493 struct kore_validator {
494 u_int8_t type;
495 char *name;
496 char *arg;
497 regex_t rctx;
498 struct kore_runtime_call *rcall;
499
500 TAILQ_ENTRY(kore_validator) list;
501 };
502 #endif /* !KORE_NO_HTTP */
503
504 #define KORE_BUF_OWNER_API 0x0001
505
506 struct kore_buf {
507 u_int8_t *data;
508 int flags;
509 size_t length;
510 size_t offset;
511 };
512
513 #define KORE_JSON_TYPE_OBJECT 0x0001
514 #define KORE_JSON_TYPE_ARRAY 0x0002
515 #define KORE_JSON_TYPE_STRING 0x0004
516 #define KORE_JSON_TYPE_NUMBER 0x0008
517 #define KORE_JSON_TYPE_LITERAL 0x0010
518 #define KORE_JSON_TYPE_INTEGER 0x0020
519 #define KORE_JSON_TYPE_INTEGER_U64 0x0040
520
521 #define KORE_JSON_FALSE 0
522 #define KORE_JSON_TRUE 1
523 #define KORE_JSON_NULL 2
524
525 #define KORE_JSON_DEPTH_MAX 10
526
527 #define KORE_JSON_ERR_NONE 0
528 #define KORE_JSON_ERR_INVALID_OBJECT 1
529 #define KORE_JSON_ERR_INVALID_ARRAY 2
530 #define KORE_JSON_ERR_INVALID_STRING 3
531 #define KORE_JSON_ERR_INVALID_NUMBER 4
532 #define KORE_JSON_ERR_INVALID_LITERAL 5
533 #define KORE_JSON_ERR_DEPTH 6
534 #define KORE_JSON_ERR_EOF 7
535 #define KORE_JSON_ERR_INVALID_JSON 8
536 #define KORE_JSON_ERR_INVALID_SEARCH 9
537 #define KORE_JSON_ERR_NOT_FOUND 10
538 #define KORE_JSON_ERR_TYPE_MISMATCH 11
539 #define KORE_JSON_ERR_LAST KORE_JSON_ERR_TYPE_MISMATCH
540
541 #define kore_json_find_object(j, p) \
542 kore_json_find(j, p, KORE_JSON_TYPE_OBJECT)
543
544 #define kore_json_find_array(j, p) \
545 kore_json_find(j, p, KORE_JSON_TYPE_ARRAY)
546
547 #define kore_json_find_string(j, p) \
548 kore_json_find(j, p, KORE_JSON_TYPE_STRING)
549
550 #define kore_json_find_number(j, p) \
551 kore_json_find(j, p, KORE_JSON_TYPE_NUMBER)
552
553 #define kore_json_find_integer(j, p) \
554 kore_json_find(j, p, KORE_JSON_TYPE_INTEGER)
555
556 #define kore_json_find_integer_u64(j, p) \
557 kore_json_find(j, p, KORE_JSON_TYPE_INTEGER_U64)
558
559 #define kore_json_find_literal(j, p) \
560 kore_json_find(j, p, KORE_JSON_TYPE_LITERAL)
561
562 #define kore_json_create_object(o, n) \
563 kore_json_create_item(o, n, KORE_JSON_TYPE_OBJECT)
564
565 #define kore_json_create_array(o, n) \
566 kore_json_create_item(o, n, KORE_JSON_TYPE_ARRAY)
567
568 #define kore_json_create_string(o, n, v) \
569 kore_json_create_item(o, n, KORE_JSON_TYPE_STRING, v)
570
571 #define kore_json_create_number(o, n, v) \
572 kore_json_create_item(o, n, KORE_JSON_TYPE_NUMBER, (double)v)
573
574 #define kore_json_create_integer(o, n, v) \
575 kore_json_create_item(o, n, KORE_JSON_TYPE_INTEGER, (int64_t)v)
576
577 #define kore_json_create_integer_u64(o, n, v) \
578 kore_json_create_item(o, n, KORE_JSON_TYPE_INTEGER_U64, (u_int64_t)v)
579
580 #define kore_json_create_literal(o, n, v) \
581 kore_json_create_item(o, n, KORE_JSON_TYPE_LITERAL, v)
582
583 struct kore_json {
584 const u_int8_t *data;
585 int depth;
586 size_t length;
587 size_t offset;
588
589 struct kore_buf tmpbuf;
590 struct kore_json_item *root;
591 };
592
593 struct kore_json_item {
594 u_int32_t type;
595 char *name;
596 struct kore_json_item *parent;
597
598 union {
599 TAILQ_HEAD(, kore_json_item) items;
600 char *string;
601 double number;
602 int literal;
603 int64_t integer;
604 u_int64_t u64;
605 } data;
606
607 int (*parse)(struct kore_json *,
608 struct kore_json_item *);
609
610 TAILQ_ENTRY(kore_json_item) list;
611 };
612
613 struct kore_pool_region {
614 void *start;
615 size_t length;
616 LIST_ENTRY(kore_pool_region) list;
617 };
618
619 struct kore_pool_entry {
620 u_int8_t state;
621 struct kore_pool_region *region;
622 LIST_ENTRY(kore_pool_entry) list;
623 };
624
625 struct kore_pool {
626 size_t elen;
627 size_t slen;
628 size_t elms;
629 size_t inuse;
630 size_t growth;
631 volatile int lock;
632 char *name;
633
634 LIST_HEAD(, kore_pool_region) regions;
635 LIST_HEAD(, kore_pool_entry) freelist;
636 };
637
638 struct kore_timer {
639 u_int64_t nextrun;
640 u_int64_t interval;
641 int flags;
642 void *arg;
643 void (*cb)(void *, u_int64_t);
644
645 TAILQ_ENTRY(kore_timer) list;
646 };
647
648 /*
649 * Keymgr process is worker index 0, but id 2000.
650 * Acme process is worker index 1, but id 2001.
651 */
652 #define KORE_WORKER_KEYMGR_IDX 0
653 #define KORE_WORKER_ACME_IDX 1
654 #define KORE_WORKER_BASE 2
655 #define KORE_WORKER_KEYMGR 2000
656 #define KORE_WORKER_ACME 2001
657 #define KORE_WORKER_MAX UCHAR_MAX
658
659 #define KORE_WORKER_POLICY_RESTART 1
660 #define KORE_WORKER_POLICY_TERMINATE 2
661
662 /* Reserved message ids, registered on workers. */
663 #define KORE_MSG_WEBSOCKET 1
664 #define KORE_MSG_KEYMGR_REQ 2
665 #define KORE_MSG_KEYMGR_RESP 3
666 #define KORE_MSG_SHUTDOWN 4
667 #define KORE_MSG_ENTROPY_REQ 5
668 #define KORE_MSG_ENTROPY_RESP 6
669 #define KORE_MSG_CERTIFICATE 7
670 #define KORE_MSG_CERTIFICATE_REQ 8
671 #define KORE_MSG_CRL 9
672 #define KORE_MSG_ACCEPT_AVAILABLE 10
673 #define KORE_PYTHON_SEND_OBJ 11
674 #define KORE_MSG_WORKER_LOG 12
675 #define KORE_MSG_ACME_BASE 100
676
677 /* messages for applications should start at 201. */
678 #define KORE_MSG_APP_BASE 200
679
680 /* Predefined message targets. */
681 #define KORE_MSG_PARENT 1000
682 #define KORE_MSG_WORKER_ALL 1001
683
/*
 * Header of a message passed between the parent and worker processes
 * (sent with kore_msg_send(), dispatched to handlers installed through
 * kore_msg_register(); both are declared below).  The payload, `length`
 * bytes long, presumably follows the header directly — confirm in msg.c.
 */
struct kore_msg {
	u_int8_t	id;	/* KORE_MSG_* id; one byte, so ids are limited to 0..255 */
	u_int16_t	src;	/* sender: a worker id, or KORE_MSG_PARENT presumably */
	u_int16_t	dst;	/* KORE_MSG_PARENT, KORE_MSG_WORKER_ALL or a worker id */
	size_t		length;	/* payload length as claimed by the sender; NOTE(review): the receiver must bound-check it before reading the payload */
};
690
/*
 * Message body exchanged with the keymgr process (KORE_MSG_KEYMGR_REQ /
 * KORE_MSG_KEYMGR_RESP above, presumably).  `domain` holds a NUL-terminated
 * domain name of at most KORE_DOMAINNAME_LEN bytes; `data` is a flexible
 * array member of `data_len` bytes appended directly after the struct.
 * NOTE(review): `data_len` arrives from another process, so a reader must
 * check it against the enclosing kore_msg length before indexing `data`.
 * kore_worker_keymgr_response_verify() (declared below) looks like the
 * place where responses are checked — confirm that requests get the same
 * treatment on the keymgr side.  The purpose of `padding` is not visible
 * from this header.
 */
struct kore_keyreq {
	int		padding;
	char		domain[KORE_DOMAINNAME_LEN + 1];	/* always room for the terminating NUL */
	size_t		data_len;				/* number of bytes valid in data[] */
	u_int8_t	data[];
};
697
/*
 * Message body carrying certificate material for one domain
 * (KORE_MSG_CERTIFICATE / KORE_MSG_CERTIFICATE_REQ / KORE_MSG_CRL above,
 * presumably).  `domain` is a NUL-terminated name of at most
 * KORE_DOMAINNAME_LEN bytes; `data` is a flexible array member of
 * `data_len` bytes appended directly after the struct.
 * NOTE(review): as with kore_keyreq, `data_len` is sender-controlled and
 * must be validated against the enclosing kore_msg length before `data`
 * is read — confirm where that check lives.
 */
struct kore_x509_msg {
	char		domain[KORE_DOMAINNAME_LEN + 1];	/* always room for the terminating NUL */
	size_t		data_len;				/* number of bytes valid in data[] */
	u_int8_t	data[];
};
703
704 #if !defined(KORE_SINGLE_BINARY)
705 extern char *config_file;
706 #endif
707
708 extern pid_t kore_pid;
709 extern int kore_quit;
710 extern int kore_quiet;
711 extern int kore_debug;
712 extern int skip_chroot;
713 extern int skip_runas;
714 extern int kore_foreground;
715
716 extern char *kore_pidfile;
717
718 extern volatile sig_atomic_t sig_recv;
719
720 extern char *kore_rand_file;
721 extern int kore_keymgr_active;
722
723 extern struct kore_privsep worker_privsep;
724 extern struct kore_privsep keymgr_privsep;
725 extern struct kore_privsep acme_privsep;
726
727 extern u_int8_t nlisteners;
728 extern u_int16_t cpu_count;
729 extern u_int8_t worker_count;
730 extern const char *kore_version;
731 extern const char *kore_build_date;
732 extern int worker_policy;
733 extern u_int8_t worker_set_affinity;
734 extern u_int32_t worker_rlimit_nofiles;
735 extern u_int32_t worker_max_connections;
736 extern u_int32_t worker_active_connections;
737 extern u_int32_t worker_accept_threshold;
738 extern u_int64_t kore_websocket_maxframe;
739 extern u_int64_t kore_websocket_timeout;
740 extern u_int32_t kore_socket_backlog;
741
742 extern struct kore_worker *worker;
743 extern struct kore_pool nb_pool;
744 extern struct kore_domain *primary_dom;
745 extern struct kore_server_list kore_servers;
746
747 /* kore.c */
748 void kore_signal(int);
749 void kore_shutdown(void);
750 void kore_signal_trap(int);
751 void kore_signal_setup(void);
752 void kore_proctitle(const char *);
753 void kore_default_getopt(int, char **);
754
755 void kore_server_closeall(void);
756 void kore_server_cleanup(void);
757 void kore_server_free(struct kore_server *);
758 void kore_server_finalize(struct kore_server *);
759
760 struct kore_server *kore_server_create(const char *);
761 struct kore_server *kore_server_lookup(const char *);
762
763 void kore_listener_accept(void *, int);
764 struct listener *kore_listener_lookup(const char *);
765 void kore_listener_free(struct listener *);
766 struct listener *kore_listener_create(struct kore_server *);
767 int kore_listener_init(struct listener *, int, const char *);
768
769 int kore_sockopt(int, int, int);
770 int kore_server_bind_unix(struct kore_server *,
771 const char *, const char *);
772 int kore_server_bind(struct kore_server *,
773 const char *, const char *, const char *);
774 /* worker.c */
775 void kore_worker_reap(void);
776 int kore_worker_init(void);
777 void kore_worker_privsep(void);
778 void kore_worker_started(void);
779 void kore_worker_make_busy(void);
780 void kore_worker_shutdown(void);
781 void kore_worker_dispatch_signal(int);
782 int kore_worker_spawn(u_int16_t, u_int16_t, u_int16_t);
783 int kore_worker_keymgr_response_verify(struct kore_msg *,
784 const void *, struct kore_domain **);
785
786 void kore_worker_entry(struct kore_worker *) __attribute__((noreturn));
787
788 struct kore_worker *kore_worker_data(u_int8_t);
789 struct kore_worker *kore_worker_data_byid(u_int16_t);
790
791 /* platform code (linux.c, bsd.c) */
792 void kore_platform_init(void);
793 void kore_platform_sandbox(void);
794 void kore_platform_event_init(void);
795 void kore_platform_event_cleanup(void);
796 void kore_platform_disable_read(int);
797 void kore_platform_disable_write(int);
798 void kore_platform_enable_accept(void);
799 void kore_platform_disable_accept(void);
800 void kore_platform_event_wait(u_int64_t);
801 void kore_platform_event_all(int, void *);
802 void kore_platform_event_level_all(int, void *);
803 void kore_platform_event_level_read(int, void *);
804 void kore_platform_proctitle(const char *);
805 void kore_platform_schedule_read(int, void *);
806 void kore_platform_schedule_write(int, void *);
807 void kore_platform_event_schedule(int, int, int, void *);
808 void kore_platform_worker_setcpu(struct kore_worker *);
809
810 #if defined(KORE_USE_PLATFORM_SENDFILE)
811 int kore_platform_sendfile(struct connection *, struct netbuf *);
812 #endif
813
814 #if defined(KORE_USE_PLATFORM_PLEDGE)
815 void kore_platform_pledge(void);
816 void kore_platform_add_pledge(const char *);
817 #endif
818
819 /* tls variants. */
820 #define KORE_X509_NAME_COMMON_NAME 1
821
822 void kore_tls_init(void);
823 void kore_tls_cleanup(void);
824 void kore_tls_dh_check(void);
825 int kore_tls_supported(void);
826 void kore_tls_version_set(int);
827 void kore_tls_keymgr_init(void);
828 int kore_tls_dh_load(const char *);
829 void kore_tls_seed(const void *, size_t);
830 int kore_tls_ciphersuite_set(const char *);
831 int kore_tls_read(struct connection *, size_t *);
832 void kore_tls_domain_cleanup(struct kore_domain *);
833 int kore_tls_connection_accept(struct connection *);
834 void kore_tls_connection_cleanup(struct connection *);
835 int kore_tls_write(struct connection *, size_t, size_t *);
836 void kore_tls_domain_crl(struct kore_domain *, const void *, size_t);
837 void kore_tls_domain_setup(struct kore_domain *,
838 int, const void *, size_t);
839
840 KORE_PRIVATE_KEY *kore_tls_rsakey_load(const char *);
841 KORE_PRIVATE_KEY *kore_tls_rsakey_generate(const char *);
842
843 int kore_tls_x509_data(struct connection *, u_int8_t **, size_t *);
844 KORE_X509_NAMES *kore_tls_x509_issuer_name(struct connection *);
845 KORE_X509_NAMES *kore_tls_x509_subject_name(struct connection *);
846 int kore_tls_x509name_foreach(KORE_X509_NAMES *, int, void *,
847 int (*)(void *, int, int, const char *,
848 const void *, size_t, int));
849 /* accesslog.c */
850 void kore_accesslog_init(u_int16_t);
851 void kore_accesslog_worker_init(void);
852 void kore_accesslog_run(void *, u_int64_t);
853 void kore_accesslog_gather(void *, u_int64_t, int);
854
855 #if !defined(KORE_NO_HTTP)
856 /* auth.c */
857 int kore_auth_run(struct http_request *, struct kore_auth *);
858 int kore_auth_cookie(struct http_request *, struct kore_auth *);
859 int kore_auth_header(struct http_request *, struct kore_auth *);
860 int kore_auth_request(struct http_request *, struct kore_auth *);
861 void kore_auth_init(void);
862 int kore_auth_new(const char *);
863 struct kore_auth *kore_auth_lookup(const char *);
864 #endif
865
866 /* timer.c */
867 void kore_timer_init(void);
868 void kore_timer_run(u_int64_t);
869 u_int64_t kore_timer_next_run(u_int64_t);
870 void kore_timer_remove(struct kore_timer *);
871 struct kore_timer *kore_timer_add(void (*cb)(void *, u_int64_t),
872 u_int64_t, void *, int);
873
874 /* connection.c */
875 void kore_connection_init(void);
876 void kore_connection_cleanup(void);
877 void kore_connection_prune(int);
878 struct connection *kore_connection_new(void *);
879 void kore_connection_event(void *, int);
880 int kore_connection_nonblock(int, int);
881 void kore_connection_check_timeout(u_int64_t);
882 int kore_connection_handle(struct connection *);
883 void kore_connection_remove(struct connection *);
884 void kore_connection_disconnect(struct connection *);
885 void kore_connection_start_idletimer(struct connection *);
886 void kore_connection_stop_idletimer(struct connection *);
887 void kore_connection_check_idletimer(u_int64_t,
888 struct connection *);
889 int kore_connection_accept(struct listener *,
890 struct connection **);
891
892 void kore_log_init(void);
893 void kore_log_file(const char *);
894
895 #if defined(KORE_USE_PYTHON)
896 int kore_configure_setting(const char *, char *);
897 #endif
898
899 /* config.c */
900 void kore_parse_config(void);
901 void kore_parse_config_file(FILE *);
902
903 /* mem.c */
904 void *kore_malloc(size_t);
905 void *kore_calloc(size_t, size_t);
906 void *kore_realloc(void *, size_t);
907 void kore_free(void *);
908 void kore_mem_init(void);
909 void kore_mem_cleanup(void);
910 void kore_mem_untag(void *);
911 void *kore_mem_lookup(u_int32_t);
912 void kore_mem_zero(void *, size_t);
913 void kore_mem_tag(void *, u_int32_t);
914 void *kore_malloc_tagged(size_t, u_int32_t);
915
916 /* pool.c */
917 void *kore_pool_get(struct kore_pool *);
918 void kore_pool_put(struct kore_pool *, void *);
919 void kore_pool_init(struct kore_pool *, const char *,
920 size_t, size_t);
921 void kore_pool_cleanup(struct kore_pool *);
922
923 /* utils.c */
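/*
 * All printf-style helpers carry the format attribute, as kore_log()
 * already did, so the compiler type-checks their arguments and warns on a
 * non-literal format string.  The attribute does not change the ABI.
 */
void	kore_debug_internal(char *, int, const char *, ...)
	    __attribute__((format (printf, 3, 4)));	/* first arg is __FILE__, left non-const to match utils.c */
void	fatal(const char *, ...)
	    __attribute__((noreturn, format (printf, 1, 2)));
void	fatalx(const char *, ...)
	    __attribute__((noreturn, format (printf, 1, 2)));

u_int64_t	kore_time_ms(void);
char		*kore_time_to_date(time_t);
char		*kore_strdup(const char *);
time_t		kore_date_to_time(const char *);
void		kore_log(int, const char *, ...)
		    __attribute__((format (printf, 2, 3)));
/* The trailing int * of the strtonum family presumably receives an error flag (OpenBSD strtonum style) — confirm. */
u_int64_t	kore_strtonum64(const char *, int, int *);
size_t		kore_strlcpy(char *, const char *, const size_t);	/* bounded copy; size is the destination size */
void		kore_server_disconnect(struct connection *);
int		kore_split_string(char *, const char *, char **, size_t);
void		kore_strip_chars(char *, const char, char **);
int		kore_snprintf(char *, size_t, int *, const char *, ...)
		    __attribute__((format (printf, 4, 5)));
long long	kore_strtonum(const char *, int, long long, long long, int *);
double		kore_strtodouble(const char *, long double, long double, int *);
/* Decoders return the output through a pointer — ownership presumably passes to the caller; confirm who frees. */
int		kore_base64_encode(const void *, size_t, char **);
int		kore_base64_decode(const char *, u_int8_t **, size_t *);
int		kore_base64url_encode(const void *, size_t, char **, int);
int		kore_base64url_decode(const char *, u_int8_t **, size_t *, int);
int		kore_x509_issuer_name(struct connection *, char **, int);
int		kore_x509_subject_name(struct connection *, char **, int);

void		*kore_mem_find(void *, size_t, const void *, size_t);
char		*kore_text_trim(char *, size_t);
char		*kore_read_line(FILE *, char *, size_t);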
952
953 #if !defined(KORE_NO_HTTP)
954 /* websocket.c */
955 void kore_websocket_handshake(struct http_request *,
956 const char *, const char *, const char *);
957 int kore_websocket_send_clean(struct netbuf *);
958 void kore_websocket_send(struct connection *,
959 u_int8_t, const void *, size_t);
960 void kore_websocket_broadcast(struct connection *,
961 u_int8_t, const void *, size_t, int);
962 #endif
963
964 /* msg.c */
965 void kore_msg_init(void);
966 void kore_msg_worker_init(void);
967 void kore_msg_parent_init(void);
968 void kore_msg_unregister(u_int8_t);
969 void kore_msg_parent_add(struct kore_worker *);
970 void kore_msg_parent_remove(struct kore_worker *);
971 void kore_msg_send(u_int16_t, u_int8_t, const void *, size_t);
972 int kore_msg_register(u_int8_t,
973 void (*cb)(struct kore_msg *, const void *));
974
975 #if !defined(KORE_NO_HTTP)
976 /* filemap.c */
977 void kore_filemap_init(void);
978 void kore_filemap_resolve_paths(void);
979 int kore_filemap_create(struct kore_domain *, const char *,
980 const char *);
981 extern char *kore_filemap_ext;
982 extern char *kore_filemap_index;
983 #endif
984
985 /* fileref.c */
986 void kore_fileref_init(void);
987 struct kore_fileref *kore_fileref_get(const char *, int);
988 struct kore_fileref *kore_fileref_create(struct kore_server *,
989 const char *, int, off_t, struct timespec *);
990 void kore_fileref_release(struct kore_fileref *);
991
992 /* domain.c */
993 struct kore_domain *kore_domain_new(const char *);
994 struct kore_domain *kore_domain_byid(u_int16_t);
995 struct kore_domain *kore_domain_lookup(struct kore_server *, const char *);
996
997 void kore_domain_init(void);
998 void kore_domain_cleanup(void);
999 void kore_domain_free(struct kore_domain *);
1000 void kore_module_init(void);
1001 void kore_module_cleanup(void);
1002 void kore_module_reload(int);
1003 void kore_module_onload(void);
1004 int kore_module_loaded(void);
1005 void kore_domain_closelogs(void);
1006 void *kore_module_getsym(const char *, struct kore_runtime **);
1007 void kore_domain_load_crl(void);
1008 void kore_domain_keymgr_init(void);
1009 void kore_domain_callback(void (*cb)(struct kore_domain *));
1010 int kore_domain_attach(struct kore_domain *, struct kore_server *);
1011
1012 #if !defined(KORE_NO_HTTP)
1013 /* route.c */
1014 void kore_route_reload(void);
1015 void kore_route_free(struct kore_route *);
1016 void kore_route_callback(struct kore_route *, const char *);
1017
1018 struct kore_route *kore_route_create(struct kore_domain *,
1019 const char *, int);
1020 int kore_route_lookup(struct http_request *,
1021 struct kore_domain *, int, struct kore_route **);
1022 #endif
1023
1024 /* runtime.c */
1025 struct kore_runtime_call *kore_runtime_getcall(const char *);
1026 struct kore_module *kore_module_load(const char *,
1027 const char *, int);
1028
1029 void kore_runtime_execute(struct kore_runtime_call *);
1030 int kore_runtime_onload(struct kore_runtime_call *, int);
1031 void kore_runtime_signal(struct kore_runtime_call *, int);
1032 void kore_runtime_configure(struct kore_runtime_call *, int, char **);
1033 void kore_runtime_connect(struct kore_runtime_call *, struct connection *);
1034 #if !defined(KORE_NO_HTTP)
1035 int kore_runtime_http_request(struct kore_runtime_call *,
1036 struct http_request *);
1037 void kore_runtime_http_request_free(struct kore_runtime_call *,
1038 struct http_request *);
1039 void kore_runtime_http_body_chunk(struct kore_runtime_call *,
1040 struct http_request *, const void *, size_t);
1041 int kore_runtime_validator(struct kore_runtime_call *,
1042 struct http_request *, const void *);
1043 void kore_runtime_wsconnect(struct kore_runtime_call *, struct connection *);
1044 void kore_runtime_wsdisconnect(struct kore_runtime_call *,
1045 struct connection *);
1046 void kore_runtime_wsmessage(struct kore_runtime_call *,
1047 struct connection *, u_int8_t, const void *, size_t);
1048 #endif
1049
1050 #if !defined(KORE_NO_HTTP)
1051 /* validator.c */
1052 void kore_validator_init(void);
1053 void kore_validator_reload(void);
1054 int kore_validator_add(const char *, u_int8_t, const char *);
1055 int kore_validator_run(struct http_request *, const char *, char *);
1056 int kore_validator_check(struct http_request *,
1057 struct kore_validator *, const void *);
1058 struct kore_validator *kore_validator_lookup(const char *);
1059 #endif
1060
1061 const char *kore_worker_name(int);
1062
1063 /* net.c */
1064 u_int16_t net_read16(u_int8_t *);
1065 u_int32_t net_read32(u_int8_t *);
1066 u_int64_t net_read64(u_int8_t *);
1067 void net_write16(u_int8_t *, u_int16_t);
1068 void net_write32(u_int8_t *, u_int32_t);
1069 void net_write64(u_int8_t *, u_int64_t);
1070
1071 void net_init(void);
1072 void net_cleanup(void);
1073 struct netbuf *net_netbuf_get(void);
1074 int net_send(struct connection *);
1075 int net_send_flush(struct connection *);
1076 int net_recv_flush(struct connection *);
1077 int net_read(struct connection *, size_t *);
1078 int net_write(struct connection *, size_t, size_t *);
1079 void net_recv_reset(struct connection *, size_t,
1080 int (*cb)(struct netbuf *));
1081 void net_remove_netbuf(struct connection *, struct netbuf *);
1082 void net_recv_queue(struct connection *, size_t, int,
1083 int (*cb)(struct netbuf *));
1084 void net_recv_expand(struct connection *c, size_t,
1085 int (*cb)(struct netbuf *));
1086 void net_send_queue(struct connection *, const void *, size_t);
1087 void net_send_stream(struct connection *, void *,
1088 size_t, int (*cb)(struct netbuf *), struct netbuf **);
1089 void net_send_fileref(struct connection *, struct kore_fileref *);
1090
1091 /* buf.c */
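/*
 * buf.c: growable byte buffer.  The two formatted appenders now carry the
 * format attribute (as kore_log() does) so the compiler checks their
 * arguments; for the va_list variant the "first to check" index is 0.
 */
void		kore_buf_free(struct kore_buf *);
struct kore_buf	*kore_buf_alloc(size_t);
void		kore_buf_init(struct kore_buf *, size_t);
void		kore_buf_append(struct kore_buf *, const void *, size_t);
u_int8_t	*kore_buf_release(struct kore_buf *, size_t *);	/* hands the data out; presumably the caller owns it afterwards — confirm */
void		kore_buf_reset(struct kore_buf *);
void		kore_buf_cleanup(struct kore_buf *);

char		*kore_buf_stringify(struct kore_buf *, size_t *);
void		kore_buf_appendf(struct kore_buf *, const char *, ...)
		    __attribute__((format (printf, 2, 3)));
void		kore_buf_appendv(struct kore_buf *, const char *, va_list)
		    __attribute__((format (printf, 2, 0)));
void		kore_buf_replace_string(struct kore_buf *,
		    const char *, const void *, size_t);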
1105
1106 /* json.c */
1107 int kore_json_errno(void);
1108 int kore_json_parse(struct kore_json *);
1109 void kore_json_cleanup(struct kore_json *);
1110 void kore_json_item_free(struct kore_json_item *);
1111 void kore_json_init(struct kore_json *, const void *, size_t);
1112 void kore_json_item_tobuf(struct kore_json_item *, struct kore_buf *);
1113 void kore_json_item_attach(struct kore_json_item *, struct kore_json_item *);
1114
1115 const char *kore_json_strerror(void);
1116 struct kore_json_item *kore_json_find(struct kore_json_item *,
1117 const char *, u_int32_t);
1118 struct kore_json_item *kore_json_create_item(struct kore_json_item *,
1119 const char *, u_int32_t, ...);
1120
1121 /* keymgr.c */
1122 void kore_keymgr_run(void);
1123 void kore_keymgr_cleanup(int);
1124
1125 #if defined(__cplusplus)
1126 }
1127 #endif
1128
1129 #endif /* !__H_KORE_H */